Tor Browser Questions

Discussion in 'Networking, Telephony & Internet' started by pinkfloydeffect, Oct 25, 2020.

  1. pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    I hope Tor discussions are not against the site policy.

    Just getting into using it and I noticed that almost every site I visit does not allow me to continue without accepting cookies which is weird...because if I turn off cookies with a non-Tor browser the websites do not give me a hassle. Is this because the IP changes while you are still in a session so the site needs cookies to operate smoothly jumping IPs during the same session?

    Obviously not logging into sites is the point of using Tor but I have plenty of sites I need to log into such as online banking, Amazon, etc. If I were to log into a website in one tab does it blow my anonymity in all the other open tabs since it binds the IP to a website login? I thought about running a separate instance for sites I plan to log into but Tor does not allow more than one instance window. However if I do a DuckDuckGo search for "whats my IP" and check using different sites, each site shows my IP as something different....but if I reload an IP-checking site it shows the same IP. So it seems as if each tab or website DOES use/show a different IP. I believe this is because it uses a different routing hop for each site I visit?
     
  2. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,412
    Location:
    Melbourne
    side effect of the EU "Cookie Law".

    what people actually wanted was for websites to stop dropping tracking cookies on them all the time and surveilling their internet use as a means to shove more advertising in their faces. of course, that's not going to happen, so what we got was an incessant stream of cookie acceptance notifications telling us it was happening :rolleyes:. there's no requirement for a website to function for you without you accepting cookies, so the companies involved treat it in a similar fashion to a paywall - don't accept the advertising enabler cookie, no website for you.

    the point of Tor is anonymity, in that where your request to a website apparently originates from on the web is not ostensibly linkable to you. that doesn't prevent you from needing to log into a website if the resources you are accessing are protected by access credentials. I also wouldn't be logging into something like online banking via Tor, because for starters you're now pumping your financial data through multiple other computers, but your bank might react to your logging in from an IP that is geolocated in Abu Dhabi as a hack attempt.

    I don't have much experience with TB myself, but some reading suggests that what you're describing is by design. effectively, a virtual circuit to a Tor endpoint is created for the tab, and it will persist while the tab is open, unless you take action to deliberately refresh the circuit.

    https://tor.stackexchange.com/quest...-circuit-happen-without-closing-all-tabs?rq=1
    https://tor.stackexchange.com/quest...circuit-versus-new-identity?noredirect=1&lq=1

    someone with more knowledge and experience of this may be able to correct/expand on this, but I've always seen TB as a sort of crowdsourced dynamic VPN.
     
    pinkfloydeffect likes this.
  3. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    Very good point about not using Tor for banking, not only due to random computers handling my data but also the chance of raising the hack flag. I will have to keep this in mind depending on the site I am using!

    So I suppose if I am Googling something embarrassing and want to keep my searches private in one tab, opening a new tab to log into for instance Overclockers.com does not jeopardize my Google search tab since I will use a different exit node for my Google search tab than my Overclockers tab...

    From my research the "crowdsourced dynamic VPN" aka Tor, is much safer than any company owned VPN service at the expense of throughput bandwidth.
     
  4. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,412
    Location:
    Melbourne
    if you're genuinely concerned about the privacy of Tor versus a reputable VPN then I suggest that you need to seriously consider the wisdom of doing whatever you're doing, you know? that's law enforcement level stuff, and if it comes to that then nothing is going to save you.
     
  5. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    I'm honestly not very concerned lol I just overthink everything and I am trying to do it right for the sake of general concept.
     
  6. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    Tor is raising other concerns if anyone has some advice, I use AOL mail (yes...I know) and upon checking my recent session history due to the fact my IP circuit changes constantly within Tor I have all these open sessions I can manually sign out of. Is this making my email more vulnerable leaving open session trails all over the place as entry points? I realize signing into anything in Tor defeats the purpose but I am not necessarily trying to be anonymous everywhere, just trying to avoid advertisement tracking and being a bit more safe on unsecure public networks, etc.

    [​IMG]
     
    Last edited: Oct 28, 2020
  7. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    9,256
    Location:
    Briz Vegas
    Main point her is using tor browser for any online service you enter credentials for is pointless, use a non-tor session for AOL.
     
    pinkfloydeffect likes this.
  8. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    That makes sense, I realize all the other settings the Tor browser is setup with achieve the boundaries I am looking for such as HTTPS/No-Script/etc. I was not aware I could start a non-Tor network session using the same browser, is that what you are saying?
     
  9. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    9,256
    Location:
    Briz Vegas
    Install chrome and use that for AOL if you can't run 2 different versions of firefox.
     
  10. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    14,097
    Location:
    Canberra
    no, they're not 'open' sessions in the sense that if someone else happens to use the same tor endpoint and go to your website, they log in automagically as you. the session will be linked to the IP used, and a session cookie saved on your browser. they're as secure as they would be without tor.

    as already mentioned though, the server may decide that someone logging in from dozens of varied locations around the world may be a hack and trigger an account lock etc.
     
    pinkfloydeffect likes this.
  11. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,739
    Location:
    Brisbane
    I don't think either are "safer" than the other. Fact is that anyone interested in surveillance knows very well the end points of each, and the paranoid funnelling all of their information through either is a nice way for those who want to surveil to focus their efforts.

    Tor in theory makes your endpoint slightly more random, but the sad fact of the matter is that Tor exit nodes are far more limited than we'd hoped. There are an abundance of court cases where authorities de-anonymised traffic and caught people attempting to use Tor for nefarious reasons.
    https://www.vice.com/en/article/gv5...lped-fbi-bust-silk-road-2-child-porn-suspects

    Ultimately both are a form of obfuscation at best, and neither are a way to hide 100% effectively on the Internet. If your goal is to try and reduce your digital fingerprint from advertising groups, then fair enough. If instead you're a journalist living under an oppressive regime and are trying to get information out of your country, potentially risking life imprisonment or death if you get caught, please don't rely on either.

    I'm assuming most folks on OCAU are the former, not the latter, so in that case, meh.
     
  12. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,412
    Location:
    Melbourne
    having had a few glimpses at what can be done by a government if they really want to over the years, I wouldn't be transmitting anything that would really get me into trouble across the internet, ever.
     
    elvis likes this.
  13. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    I believe you can run Firefox and Tor browser at the same time, Tor browser does not rely on any of the core files in the Firefox install...it does not even install to registry or appdata.

    I switched from Chrome to Edge 6 months ago because I read how great it was now being built on Chromium without Google's BS. I will DL Firefox but I was hoping I could launch non-Tor tabs so I could just use the same browser...or set certain sites to bypass the Tor network.


    Yeah these are some valid points, I have read about timing attacks, and the fact that your entry node rarely ever changes is a bit concerning but I just think the concept is interesting as I am studying to become a network engineer with time. Right now it is just an experiment and a learning experience. I kind of miss YouTubes recommendations now haha. I am using my landlords gateway so at the least I am securing myself from them I guess, it's just a free and somewhat slow VPN...but IMO better than a paid VPN for what its worth to me.


    I don't and I already stated that here. It's best to start practicing/exercising this now before its a bit more necessary in the future though.


    - - -

    On another note this experience has taught me a few things such as maximizing your browser hangs some information out there such as your OS, not sure why but that is the way it is. I noticed that the viewable browsing space within the Tor browser is windowed and not full screen so I am curious what that is all about and if it is an attempt at hiding the data a maximized browser hangs out there even if you maximize the Tor browser?
     
  14. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    9,256
    Location:
    Briz Vegas
    https://tails.boum.org/
     
  15. OP
    OP
    pinkfloydeffect

    pinkfloydeffect Member

    Joined:
    Apr 19, 2011
    Messages:
    759
    Location:
    Florida, USA
    Yes I have seen this and have been doing some cross comparisons between Tails, Parrot OS and Qubes OS. Have not formed a conclusion as of yet though.
     

Share This Page

Advertisement: